Aggregator

Открытые и закрытые модели вступили в соревнование за «истинную картину мира»

Learn how SaaS platforms can automate local payroll tax compliance using identity data, real-time tax APIs, geolocation, and secure workflows for accuracy.

The post From User Identity to Payroll Accuracy: Automating Local Tax Compliance with SaaS Tools appeared first on Security Boulevard.

SitusAMC, a company that provides back-end services for top banks and lenders, disclosed on Saturday a data breach it had discovered earlier this month that impacted customer data. [...]

A vulnerability, which was classified as critical, has been found in WP Jobs Plugin up to 1.4 on WordPress. This vulnerability affects unknown code of the file wp-admin/edit.php. Performing manipulation of the argument jobid as part of Parameter results in sql injection. This vulnerability is cataloged as CVE-2017-9603. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is advisable to upgrade the affected component.

A vulnerability was found in Mojoomla WPCHURCH Church Management System on WordPress and classified as critical. Affected is an unknown function. Such manipulation of the argument ID as part of Parameter leads to sql injection. This vulnerability is documented as CVE-2017-14845. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability was found in Mojoomla WPAMS Apartment Management System on WordPress. It has been declared as critical. Affected by this issue is some unknown functionality. Executing manipulation of the argument ID as part of Parameter can lead to sql injection. This vulnerability appears as CVE-2017-14847. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability has been found in WatuPRO Plugin up to 5.5.3.6 on WordPress and classified as critical. Affected is an unknown function of the file wp-admin/admin-ajax.php. The manipulation of the argument watupro_questions as part of Parameter leads to sql injection. This vulnerability is listed as CVE-2017-9834. The attack may be initiated remotely. In addition, an exploit is available. The affected component should be upgraded.

A vulnerability, which was classified as critical, was found in Mojoomla School Management System on WordPress. This affects an unknown function. The manipulation of the argument ID as part of Parameter results in sql injection. This vulnerability is cataloged as CVE-2017-14843. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in UserPro Plugin up to 4.9.17.0 on WordPress and classified as critical. This affects an unknown function. The manipulation of the argument up_auto_log as part of Parameter results in improper access controls. This vulnerability is known as CVE-2017-16562. It is possible to launch the attack remotely. Furthermore, an exploit is available. It is suggested to upgrade the affected component.

A vulnerability identified as problematic has been detected in Participants Database Plugin up to 1.7.5.9 on WordPress. The affected element is an unknown function. Performing manipulation results in cross site scripting. This vulnerability is identified as CVE-2017-14126. The attack can be initiated remotely. Additionally, an exploit exists. You should upgrade the affected component.

A vulnerability described as problematic has been identified in Rumpus FTP Server 9.0.12. Affected is an unknown function. The manipulation results in cross site scripting. This vulnerability is cataloged as CVE-2025-55059. The attack may be launched remotely. There is no exploit available.

A vulnerability categorized as problematic has been discovered in SolarWinds Observability Self-Hosted. This affects an unknown part. Such manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-26391. Access to the local network is required for this attack to succeed. There is no exploit available.

A vulnerability labeled as problematic has been found in SolarWinds Observability Self-Hosted. This issue affects some unknown processing. Executing manipulation can lead to open redirect. This vulnerability is handled as CVE-2025-40545. The attack can be executed remotely. There is not any exploit available.

On November 24, a new wave of the Shai-Hulud supply chain attack emerged. The threat actors exfiltrate stolen credentials directly to GitHub repositories created with compromised tokens. GitGuardian identified 14,206 secrets across 487 organizations, with 2,485 still valid.

The post Shai-Hulud 2.0: over 14,000 secrets exposed appeared first on Security Boulevard.

A vulnerability, which was classified as problematic, was found in Xtooltech Xtool AnyScan App up to 4.40.40 on Android. This affects an unknown part. Executing manipulation can lead to use of hard-coded cryptographic key . This vulnerability is tracked as CVE-2025-63433. The attack can be launched remotely. No exploit exists.

A vulnerability, which was classified as critical, has been found in Xtooltech Xtool AnyScan Android Application up to 4.40.40. Affected by this issue is some unknown functionality of the component SSL Handler. Performing manipulation results in improper certificate validation. This vulnerability is identified as CVE-2025-63432. The attack can be initiated remotely. There is not any exploit available.

Платформа Илона Маска раскрывает всю подноготную аккаунтов.

A new malware campaign targeting Brazilian users has emerged, using WhatsApp as its primary distribution channel to spread banking trojans and harvest sensitive information. This sophisticated attack leverages social engineering by exploiting the trust victims place in their existing contacts, making the malicious files appear legitimate. The campaign begins with phishing emails containing archived VBS […]

The post Hackers Leveraging WhatsApp to Silently Install Malware to Harvest Logs and Contact Details appeared first on Cyber Security News.